Solved

Port mirroring 2nd Nic, sles 10, running VMware Server.

Posted on 2008-06-11
7
1,160 Views
Last Modified: 2013-12-05
I have a Cisco catalyst 2950 that I have setup with Port Mirroring, and I want to connect the port to my 2nd nic card on my SLES 10 server running VMware server.

How do I configure SUSE to pass the port Mirroring information to VMware server, so I can run a Ubuntu server vm guest with Snort and monitor that port.
0
Comment
Question by:lundrog
  • 3
7 Comments
 

Expert Comment

by:palekar
ID: 21762491
Hi,
  As I get it, you have a host server as SLES 10 and you wish to have Ubuntu  Virtual Machine with SNort running.

 You have solution depending on what networking you use for the virtual machine.

(1) If you have used the "Bridged Connection", then you already have a IP from the router, which you can use for monitoring

(2) If you have used "Nat Connection".. you can use the nat config that is shipped with vmware.. to do the port forwarding. Here is a example: http://www.howtogeek.com/howto/vmware/allow-access-to-a-vmware-virtual-machinenat-from-another-computer/

(3) If you use host-only networking.. you will have to put the port forwarding using iptables or firewall on your host.

As far as the second NIC is concerned.. you have to choose the second nic for networking on your vmware network settings.

More info regarding your setup and ports.. will be required to give you a detailed solution
0
 
LVL 3

Author Comment

by:lundrog
ID: 21763393
I have Bridged networking setup, and the Ubuntu Snort Guest VM will have it's own IP Address.
So i just plug the RJ45 in to the 2nd nic, which is connected to the port 23 on the switch,  which is mirroring port 22 on switch, and I do nothing in SUSE to configure it?

Do i have to use any switches / configuration in my VM Guest ( Ubuntu) config file to setup it to see the port mirrored port?

For snort (VMware Guest, Ubuntu)  to have a network address I would configure eth0 in ( VMware Guest, Ubuntu) to point to eth0 in SUSE ( VMware host) and for Snort, ( VMware Guest, Ubuntu) to Sniff, I configure eth1(VMware Guest, Ubuntu) to point to eth1 in SUSE ( VMware host), which would be the port mirroring port ?
0
 
LVL 3

Author Comment

by:lundrog
ID: 21857442
I had to do "ifconfig eth1 -promisc" then "ifconfig eth1" up on both the host system and the guest


You would have to do this for every boot.


Unless anyone knows how to do this automatically.


Thanks
0
 
LVL 3

Author Comment

by:lundrog
ID: 22107307
I got the answer I needed on this post

http://communities.vmware.com/message/978721

Up to you how you assign points.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 22134650
PAQed with points refunded (125)

Computer101
EE Admin
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
This article is an update and follow-up of my previous article:   Storage 101: common concepts in the IT enterprise storage This time, I expand on more frequently used storage concepts.
Teach the user how to install ESXi 5.5 and configure the management network System Requirements: ESXi Installation:  Management Network Configuration: Management Network Testing:
Teach the user how to rename, unmount, delete and upgrade VMFS datastores. Open vSphere Web Client: Rename VMFS and NFS datastores: Upgrade VMFS-3 volume to VMFS-5: Unmount VMFS datastore: Delete a VMFS datastore:

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now